For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals, organizations (including nation-states), and society at large, and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will more often than not be successful in attacking systems, especially if raising defenses is the only response to an attack. For this reason, increasing attention is being paid to deterring such attacks in the first instance, especially by governments that have the power to investigate criminal activity and use a wide range of tools to respond to other public safety and national security concerns.

Notwithstanding this emerging discussion, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complex threat and that, from a policy and tactical perspective, there is considerable paralysis. In my Rethinking Cyber Threats and Strategies paper I discuss a framework for categorizing and assessing cyber threats, the problem with attribution, and possible ways for society to prevent and respond to cyber threats.

In my speech today at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, I proposed one possible approach to addressing botnets and other malware impacting consumer machines. This approach involves implementing a global collective defense of Internet health much like what we see in place today in the world of public health. I outline my vision in a new position paper Microsoft is publishing today titled “Collective Defense: Applying Public Health Models to the Internet.”

Just over a year ago, we successfully took down the botnet Waledac. Based on the knowledge gained in that effort, we have successfully taken down a larger, more notorious and complex botnet known as Rustock.

Posted by Brad SmithExecutive Vice President & General Counsel, Microsoft

Did you know that only eight states in the country have a higher percentage of functionally obsolete bridges than Washington? The fact is, over the past two decades, the Puget Sound region’s transportation infrastructure has failed to keep pace with the region’s population and job growth.

Enhanced mobility across the region is an important local priority for Microsoft. With nearly 40,000 employees based in the Puget Sound region, the company and our people need an efficient transportation system. It is important to our own business, and it’s important to economic growth, job creation and the quality of life across our state.

As a company, we’re opposing Initiative 1125 on the Washington state ballot this November because it would seriously undermine improvements to our transportation infrastructure, unfairly eliminate options for commuters, and impact the state’s economy.

I am proud to work for a company like Microsoft that has a long-standing commitment to protecting children. I am especially pleased to be able to share that Microsoft is participating in a new collaborative effort with other technology companies, advocates and the Demi and Ashton Foundation (DNA) to find new ways to put technology to work protecting children from sexual exploitation and abuse.

Today, I joined Demi Moore and Ashton Kutcher, the co-founders of the DNA Foundation, at the annual Clinton Global Initiative meeting in New York City to discuss this effort.At the event, the DNA Foundation launched their “Real Men” campaign to raise awareness about the issues of child sex trafficking and exploitation. They also shared some information about the work Microsoft and others have been exploring with them in a task force to develop creative technological solutions to help address this horrible problem.

The scale of the online child pornography problem and the amount of data associated with these types of investigations is massive. This is why we are proud to announce that we are partnering with NetClean to make our Microsoft PhotoDNA image matching technology available to law enforcement at no cost to help enhance their child sex abuse investigations – empowering them to more efficiently identify and rescue victims and bring abusers to justice.

Since 2002, the National Center for Missing & Exploited Children (NCMEC) has reviewed more than 65 million images and videos of child sexual exploitation reported by law enforcement. The images continue to grow increasingly violent and the victims younger, with 10 percent of the images reviewed by NCMEC today being infants and toddlers who can’t tell anyone about their abuse. When child pornography images are shared and viewed amongst predators online, it is not simply the distribution of objectionable content – it is community rape of a child. These crimes turn a single horrific moment of sexual abuse of a child into an unending series of violations of that child.